back to article Microsoft vs the long arm of US law: Straight outta Dublin

The US government can get access to your data stored outside the United States. A controversial ruling by the New York District Court made it clear earlier this year just how far US warrants can extend. The judge ruled that Microsoft had to hand over customer data it was holding in its Dublin data centre. But this is not the end …

  1. Paul Crawford Silver badge

    Money talks

    Funny how PRISM did not phase the big US companies, but the prospect of losing business did cause some backbone to be shown?

    Really the lesson is don't use any company that is not 100% in our own legal territory, and (especially if you can't do so) make sure all data is encrypted with keys that only our own business has access to.

    Sure that won't stop a court order to gain access, but that raises the bar from simply fishing for stuff to 'probable cause', and you also know about it so can take proper legal steps to defend against the action.

    1. Anonymous Coward
      Anonymous Coward

      Re: Money talks

      Funny how PRISM did not phase the big US companies, but the prospect of losing business did cause some backbone to be shown?

      PRISM did phase the big US companies very much, and precisely because they realized they risked losing business. Why do you think Google and Yahoo have trumpeted that user data is now encrypted? That's also the reason Microsoft went to the trouble of putting its data out of the US…

      1. Wensleydale Cheese

        Spelling

        phase --> faze please

        faze |feɪz|

        verb [ with obj. ] informal

        disturb or disconcert (someone): she was not fazed by his show of anger.

        ORIGIN mid 19th cent. (originally US): variant of dialect feeze‘drive or frighten off’, from Old English fēsian, of unknown origin.

      2. BillG
        Devil

        Re: Money talks

        the judge granted the warrant, explaining: “If the territorial restrictions on conventional warrants applied to warrants issued [in this case], the burden on the Government would be substantial, and law enforcement efforts would be seriously impeded.”

        Translation: "It would be too hard to get this data legally so screw it, just hand it over, bitch."

    2. kmac499

      Re: Money talks

      The bottom line incentive is always guarenteed to get the attention of US Business, and the US Govt. if it believes others are eating 'their' lunch. (see numerous trade diputes over the years.)

      But this can be a good thing, with climate change rising up the political agenda again, and it's twin concern of energy security, the Rockefellers have decided to jump ship from fossil to green energy production investments.

      Call me old fashioned but I suspect that is just as much a case of let's make sure we have a business in the future as any environmental concern.

      Plus there are elections due this November in the US. I expect Microsoft and all the other cloud vendors will have a well stocked fridge of prawn cocktails on standby...

  2. Otto is a bear.

    Contempt

    What this shows is that the US legal process has complete contempt for international agreements, and process. Microsoft is right to fight this, to protect its business, but I suspect it will loose. The US has a history of trying to apply its domestic law outside its borders, to suit its own agenda.

    I have a feeling that shifting your data to non US cloud providers will be a problem as well, firstly, Microsoft and Oracle want your business in their clouds and make it difficult for others to offer a competing service, though MS are changing their approach. As for Amazon and rackspace, well...

    But what about the non-US tier 1 SIs and Telcos, want to bet that the DoJ will attack them through their US subsidiaries next. That's good news for domestic providers, but bad news for multi-nationals who have to operate across borders. I wouldn't be too worried about local security services exchanging information with the US, they will never the the NSA see things that are against their own national interest.

    1. ratfox
      Headmaster

      Re: Contempt

      but I suspect it will loose

      loose → lose

    2. John Brown (no body) Silver badge

      Re: Contempt

      "Microsoft and Oracle want your business in their clouds and make it difficult for others to offer a competing service,"

      The obvious solution is locally incorporated independant franchis companies in each national jurisdiction who then licence the branding and tools and purchase "goods" from a third party holding company, eg the Starbuck model where Starbucks UK makes little to no profit because all it's income goes on "running costs" such as the normal ones plus brand licening paid to Starbuck Netherlands and Coffee bought at high cost from Starbucks Switzerland.

  3. Christoph

    Have the US government explained how they would react if, say, Andorra decided it could enforce an order to grab data from a server in the USA?

    Hang on, make that Grand Fenwick.

    1. frank ly

      Well, if an Andorra based company, run by Andorran resident citizens was selling data storage services and then 'exporting' data to USA based servers, the Andorran government would probably bring sanctions against those citizens if they refused to hand over the data. I doubt that the US government would have any grounds for objecting. The data would not be obtained by Andorra sending in special forces troops with USB sticks, it would be accessed via the internet, under legal compulsion.

  4. Ole Juul

    Better sooner than later

    a UK customer wants to make it harder for the US government to get access to its data, it must encrypt the data and remove every single US company from its IT cloud and data supply chains.

    That last one appeals to me.

  5. frank ly

    Will the German government be sensible?

    " ...the German government reportedly stating that it won’t use data storage from US companies unless the ruling is overturned."

    Overturned rulings can be turned back. New rulings can be made. Do the sensible thing and think about long-term possibilities.

    1. big_D Silver badge
      Big Brother

      Re: Will the German government be sensible?

      My understanding is, if Microsoft lose and Microsoft US has to hand over the data, which "belongs" to Microsoft Ireland, as it is on Irish soil in a data center owned by MS Ireland, as far as I am aware, then the executives in Ireland will be liable to prosecution under EU data protection laws.

      MS will have handed over the data to a third party outside the EU, without a valid EU warrant and wihtout getting written permission from the account holder and anybody identifiable in his correspondence. The account holder could also find himself facing prosecution in the EU for "allowing" MS to hand the data over - although that will probably be the least of his worries then...

      1. Ross K Silver badge

        Re: Will the German government be sensible?

        My understanding is, if Microsoft lose and Microsoft US has to hand over the data...then the executives in Ireland will be liable to prosecution under EU data protection laws.

        Your understanding is wrong. Data is shared and moved across borders all the time.

        What EU data protection laws do you think they could be prosecuted under?

        Anybody using a Microsoft cloud offering should look at the terms of service:

        "Microsoft will not transfer Customer Data outside the major geographic region you specify (for example, from the United States to Asia or from Europe to the United States) except:

        where you configure the account to enable this, including through use of features that may not enable regional selection or may use multiple regions, as specified in the Microsoft Azure Trust Center (which Microsoft may update from time to time but Microsoft will not add exceptions for existing features in general release); or

        where necessary to provide customer support, to troubleshoot the service or to comply with legal requirements."

        If you're a user of the service, that's what you agreed to.

        Tough titty if you didn't read the small print.

        1. big_D Silver badge

          Re: Will the German government be sensible?

          Ross,

          EU Data Protection law says that Microsoft cannot hand the data over to a third party outside of Europe without an EU warrant or written permission.

          That is the problem. Microsoft US might have to concede and hand over the data to US Authorities, but THAT act is illegal under EU law, where the data is held, so they open themselves up to prosecution in the EU.

        2. Steve Todd
          Stop

          Re: Will the German government be sensible?

          @Ross, you seem to have confused commercial law in the form of the EULA with criminal law in the form of the EU Data Protection Directive as implemented in Irish law. The EULA CANNOT remove rights and legal obligations under criminal law. You could write into the EULA that Microsoft have the right to kill you (no one reads it anyway), but criminal law renders that null and void.

          1. A Non e-mouse Silver badge

            Re: Will the German government be sensible?

            @Ross & @Steve Todd

            The EULA CANNOT remove rights and legal obligations under criminal law

            In the UK, a contract cannot override any law. But I believe in America this isn't the case. A quick google shows this page www.law.cornell.edu/wex/contract

            "[The contract] may override many of the rules otherwise established by state law."

            1. I ain't Spartacus Gold badge

              Re: Will the German government be sensible?

              Is that state rather than federal law?

              It also depends on the legal jurisdiction of the original contract. I would expect it to be under Irish law, if the contract is with MS Ireland for example. So that wouldn't apply. Also the companies in question are subject to European Data Protection regulations whatever happens, and can't get out of it. So even if they cock up and agree to a contract under a foreign legal jurisdiction, they can't get out from under their own legal obligations.

              Certainly when I worked for a US multi-national we were legally barred from exporting our German payroll data outside the EU. In fact, I think it might have even have been outside Germany.

              A law that even European level management were quite pissed off with, and seriously discussed breaking.

              1. big_D Silver badge

                Re: Will the German government be sensible?

                @I ain't Spartacus

                Yep, financial (tax relevant) data cannot be exported anywhere outside of Germany without a special dispensation from the German Finanzamt.

            2. big_D Silver badge

              Re: Will the German government be sensible?

              @A Non e-mouse

              yes, but we are talking Irish law here, and EU law. Both trump US law in Ireland!

              1. Yet Another Anonymous coward Silver badge

                Re: Will the German government be sensible?

                > Both trump US law in Ireland!

                I think you will find that the only thing likely to trump US law in Ireland is US money

        3. Yet Another Anonymous coward Silver badge

          Re: Will the German government be sensible?

          >or to comply with legal requirements."

          But you generally assume the legal requirements to be those of the country you are doing business in - especially when you specify that the data is to remain in the Eu.

          If I'm allowed to choose which countries laws I apply to all my contracts then life is going to get very easy. Product safety tests in Liberia are a lot easier to pass then TuV's

          1. Anonymous Coward
            Anonymous Coward

            `then' -> `than'

            For ``a lot easier to pass than TuV's'', since we seem to be on a roll in this thread. :-)

        4. John Brown (no body) Silver badge

          Re: Will the German government be sensible?

          "Tough titty if you didn't read the small print."

          Contract small print may not be legally binding unless or until it's tested in court and this sort of thing, which may involve companies, bodies or government agencies with money and lawyers may be one of the things that causes those T&Cs to be judicially tested.

  6. Ross K Silver badge
    Black Helicopters

    Typewriters?

    There is an alternative: the Russian and German governments have recently invested in typewriters following the Snowden revelations, but I’m not sure if that's really going to catch on.

    The only thing I'd say to using typewriters is "good luck with that"....

    Project GUNMAN - the Russians were bugging typewriters in the 70s and 80s, so they are more than likely aware of the disadvantages of going old-school.

  7. Test Man

    Data is held by Microsoft Ireland. It's a separate company in the same way that any other company is separate, albeit ultimately owned by Microsoft Corporation. Judge cannot force Microsoft Corporation to make Microsoft Ireland give them the data in the exact same way you can't force one company to make another company in a completely different jurisdiction to give them data. The judge cannot make Microsoft Ireland do anything. The judge is an idiot.

    1. frank ly

      The judge isn't trying to make Microsoft Ireland do anything. He's trying to make the executives of Microsoft Corporation (USA) do something.

      1. Test Man

        Microsoft Corporation can't do anything though, because Microsoft Ireland are bound by Irish (and EU) laws. The judge is therefore a total idiot in not understanding that.

        1. P. Lee

          >The judge is therefore a total idiot in not understanding that.

          The judge isn't an idiot, he's betting that the Irish will not kick up a stink and that the US will rule the world.

          1. Test Man

            The Irish aren't going to kick up a stink because it doesn't involve them. Understandably, Microsoft (Corporation) are livid at the complete nonsense and are doing nothing. The judge isn't getting anywhere with judgement that is unenforceable.

            1. ratfox

              @Test Man: Welcome to planet Earth

              If Microsoft US ultimately loses its appeal, and faces the prospect of heavy fines for not somehow turning over the data, they will order Microsoft Ireland to turn it over. Microsoft Ireland might well be technically an independent company, but it still has to do whatever Microsoft US tells it to do.

              1. Yet Another Anonymous coward Silver badge

                Re: @Test Man: Welcome to planet Earth

                >If Microsoft US ultimately loses its appeal

                Then Microsoft / Oracle / HP / Amazon etc will effectively be banned from any cloud business in Europe that involves medical, financial, HR or other sensitvie data.

                That means a lot of congressmen are going to go without their campaign funds come election time.

    2. Anonymous Coward
      Anonymous Coward

      "Data is held by Microsoft Ireland. It's a separate company "

      Yeah, right. I take it you're a tax lawyer?

      1. Grikath

        @ Robert Long 1

        Nope. Company law.... A company is a *distinct* natural entity, just like a real person, that happens to be able to be "owned" by other natural persons or entities.

        In this case the judge expects an american owner to force an irish "citizen" to break local and EU law, thereby breaking US and EU law, and quite a few international laws, customs and treaties.

        The Judge requires Microsoft US to become an international criminal simply because (s)he knows (s)he hasn't got a paper gnat's chance in hell of getting done what (s)he wants through international legal channels.

        So yeah.. Microsoft is in the right there, as the whole concept is ridiculous.

        1. Anonymous Coward
          Anonymous Coward

          Re: @ Robert Long 1

          "Nope. Company law.... A company is a *distinct* natural entity, just like a real person, that happens to be able to be "owned" by other natural persons or entities."

          A company is not a natural entity, it's just a bunch of people trying to avoid things - risk, responsibility, and so on. Microsoft Ireland is part of Microsoft created only and solely for the avoidance of tax. What the law says about it is of no bearing on reality and those that swallow the line that law makes truth deserve the shafting they get every day from the corporations that pay big bucks to have that law written for them (very specifically, in this case, since it was US rail-baron money that got us the original "corporations are entities" crap).

          1. Yet Another Anonymous coward Silver badge

            Re: @ Robert Long 1

            Microsoft Ireland is created solely for to allow them to run cloud services for Eu customers. Obeying local laws like data protection.

            How would US consumers feel if US Toyota had refused to pay up for their American car troubles by claiming that they were a Japanese company and US rules and courts didn't apply to them?

          2. SImon Hobson Bronze badge

            Re: @ Robert Long 1

            > A company is not a natural entity, it's just a bunch of people trying to avoid things - risk, responsibility, and so on.

            That latter bit may well be true, but in law, a company is a "legal entity" in it's own right - in a lot of legal areas you can interchange "company" and "person". In this case, previous comments are correct - the legal entity which is holding the data is Microsoft Ireland - a separate entity to Microsoft US. Yes there is a relationship where (I assume) Microsoft (US) owns 100% of the shares in Microsoft (Ireland) - but they ARE separate legal entities.

            Irrespective of what any US court thinks - it would be a criminal act for Microsoft (Ireland) to hand over (or allow to be taken remotely) any of the data. Given the profile, I cannot see the Irish regulators turning a blind eye - and if they did, the EU regulators would then start sticking their nose in.

            Unless MS win their appeal, it's tough either way - they either get stuffed in the US, or they stuffed in the EU !

            What would make things even more interesting would be if someone (especially the person who's data is being sought) with data held my Microsoft (Ireland) applied to a court for a specific injunction preventing the export of data. You now have two courts ordering complete opposites.

        2. Boork!

          Re: @ Robert Long 1

          That would make the U.S. judge behind this demand guilty of conspiring to break EU law. This requires an immediate arrest warrant!

          Whatever about data-sharing treaties, there are several solid extradition treaties between the U.S. and EU countries. And Mountjoy prison, near the scene the crime in Dublin, Ireland, is one of the grottiest, foulest, nineteenth century prisons still in existence. He can busy himself picking woodlice from his lumpy porridge.

  8. Desk Jockey

    European data protection

    I would have appreciated an explanation of how Euripean data protection laws have failed in this case?

    If the data is held/owned by a European citizen in a European country then one would assume that the US government forcing disclosure through its US arm would put that company in breach of the European law. I would guess because this qualifies as the company giving data to a third party without the user's consent (the US Govt counts as a 3rd party because it is not a legitimate authority for forcing data disclosure in a European jurisdiction hence it needs to ask a legitimate authority to do so on its behalf). You would have thought Mircrosoft would argue that a US court cannot force it to break the law in another country.

    However if a US citizen's data is stored in a European jurisdiction, is their data afforded the same level of protection under European law? Of course the US Govt would be able to make a request to that European Govt for disclosure and as it was on a US citizen I would guess it would be amenable to that request, but does the US Govt still have to make that request or is it assumed that the data (by virtue of belonging to a US citizen) comes under US jurisdiction?

    No matter to me, I still wouldn't store any sensitive stuff on US servers, but I curious to know where the law stands on this. We all alreadt know the US courts have a very loose definition of jurisdiction when it suits them, it is the European side that counts.

    1. Steve Davies 3 Silver badge

      Re: European data protection

      to quote Capt Mannering,

      'silly boy'

      Don't you realize that the US Gov't will get your data if it is held anywhere outside NOK, PRC or Russia (and possibly even in the last two) if it decides that you are a threat to them. I will not matter what local laws are broken in their war against terrorism. Remember 'Extraordinary Rendition'. Despite being illegal that didn't stop it happening now did it?

    2. Yet Another Anonymous coward Silver badge

      Re: European data protection

      The US government can make a request to the Eu company holding the data and try and get an Eu warrant. Them being a US citizen doesn't trump local law any more than being a Russian citizen gives Putin the right to send someone to visit you with a polonium tipped brolly.

  9. Richard Jones 1
    FAIL

    Who Still Has Data In MS Ireland?

    I am surprised that anyone still has real, as opposed to dummy/false data still held by MS Ireland. While e-mails and similar communications might pass via a US parented company, storing data which I take to mean business or personal information in a facility not owned and controlled by the data owner was always going to end badly. Just look at the 'celebrities' who apparently/allegedly stored personal stuff on the web.

  10. Paul Smith

    Do a little research

    This is not about one individual keeping details of their drug deals on a server in Dublin, this is about MS trying to sell Office365 to every company in Europe. It looks like having every European quote, tender, offer, invoice and patent application sitting almost in within its reach has prooved too much temptation for the greed of US lawmakers and corporations.

    The States has never had a tradition of respecting anyone or anything else, but when the judges are now saying that international treaties are not worth the paper they are written on, you have to ask cui bono? Who is this benefiting?

    1. Anonymous Coward
      Anonymous Coward

      Re: Do a little research

      My employer is well aware of this. We're always looking to keep our data on our servers in our machine rooms.

      I like it, too, because it helps keep me in a job :-)

  11. David Austin

    Non US Cloud partners

    OK, then, Hive Mind:

    If you wanna chose the option of not dealing with a cloud company with a US office or HQ... what are the options?

    A quick bit of Google-fu didn't bring much up, so let's throw some names around - I'd expect them to be screaming "No US Presence whatsoever!" at the rafters, but there didn't seem to be much.

    A possible future review/comparison article, El Reg?

    1. Anonymous Coward
      Anonymous Coward

      Re: Non US Cloud partners

      The simple answer is to provide your own cloud, hosted on your own servers in your own server room.

    2. Anonymous Coward
      Anonymous Coward

      Re: Non US Cloud partners

      Are you assuming that 'cloud' is a requirement rather than a short-term gimmick?

      Host your own data, host your own code, provide your own data protection, and secure your own backups. Et voila - "No US Presence" and you aren't at risk of breaking any EU laws.

  12. Anonymous Coward
    Anonymous Coward

    "This could mean fines for Microsoft."

    A better punishment would be to impose an order ending sales (or give-aways) of Windows 8 until they comply. They could start selling Windows 7 Retail (FPP) again under the order, but zero Windows 8 at all.

    This would be the equivalent of performing public service, such as cleaning up sick in a homeless shelter.

    1. Terry Cloth
      FAIL

      Fines for Microsoft---they're shaking in their boots

      According to the first report I could come up with (USA Today), MS had some $78G in cash 18 months ago. They could pay a $250k/day fine for over 800 years (or probably forever, since that stash would yield $2.1k/day at 0.1% annual interest).

      Of course, the judge could go with contempt of court and jail time for executives....

  13. Anonymous Coward
    Anonymous Coward

    Failed Business/IT model

    Given all this and the other cases we know about, the obvious way to route around it is to give "the cloud" a miss. We all know it's mere marketing-speak for rented services anyway, and nothing that cannot be pulled in-house. Unfortunately, it's not until a non-US company gets bitten on the bum and it's a demonstrable risk that the average corporate suit will take any heed to this.

    Meanwhile, I pity the many universities where students are forced to use US managed services like outlook. This ruling stifles any research where sources need protection, and I'm sure other use cases with similar jeopardy will occur.

    1. I ain't Spartacus Gold badge

      Re: Failed Business/IT model

      I'd imagine the next work-around is the Blackberry route. User-controlled encryption on all hosted servers, with the users controlling the encryption key and no central control of it. Then MS can't hand over the data, job done.

      Of course that does mean that users can lose their passwords/keys and permanently encrypt their own data forever... Oops. But I'd guess you'd have it as an option for those concerned about security.

      As a small business who've just chucked our emails on Office 365, I'm not worried. We don't have the resources or knowledge to manage our data any better than this. And I'm more worried by us not being able to access data at all, than the NSA also getting a look. Not that they'd be interested in us. Though I could imagine them trolling through every email they could reach search engine crawler style, to build up a huge database of email addresses, contacts, etc.

      The downside for us of going this route is that we've moved from a small hosted server that was easier to crack and had less redundency, to a better run one that's a more attractive target. So I'm betting that security by obscurity isn't the way to go.

  14. Anonymous Coward
    Anonymous Coward

    I'm surprised the Irish haven't spoken up on this issue. Their silence suggests they are happy for the septics to ignore EU Data Protection legislation.

    1. Anonymous Coward
      Anonymous Coward

      They have spoken up on the issue - a former Minister for Justice and still a practising senior lawyer in Ireland, has filed affidavits in the case in support of Microsoft.

      http://www.irishtimes.com/business/sectors/technology/microsoft-fights-us-request-for-irish-held-data-1.1884243

      Bear in mind that this is a court case between the US Government and a US company. The Irish government and other EU bodies don't have any direct role in the case. You can be sure that the issue has been raised at all sorts of diplomatic levels, but there is nothing about this case that would benefit from "megaphone diplomacy" - while the US government could drop their case, there is a perception that all sides in the case actually want the issue trashed out in court, so that they know where they actually stand.

  15. PVecchi
    Linux

    "What can a UK customer do?"

    Very nice article by a professional I respect but he ends it leaving apparently no hopes to the reader.

    It's true that GCHQ is exchanging favours with the NSA as they find it difficult and time consuming as well to follow the procedures set by UK laws but that at least it's a local issue.

    The point is that there are alternatives coming up all the time as finally UK and EU providers (not owned by a US Corp) are catching up.

    Even Linux servers installed on-site are becoming easy to manage, provide most of the services you get from Office365 and cost even less. On-site services have the added benefit of helping creating a "distributed" Internet so that at least our friends in GCHQ will have to do some work instead of easily getting our data from US Cloud services or from transit nodes that connect us to the rest of the world.

  16. PVecchi
    Big Brother

    Office365 secured by MoD?

    Just remembered that I received an email from an Office365 user where one of the hops was 25.161.53.154. RIPE says that network 25.0.0.0 is reserved to MoD & that specific address is named to the "Defence Interoperable Network Services Authority".

    Can anyone tell me if that's a glitch/misconfiguration or if the DINSA is just offering services to Microsoft to make our Internet experience more "secure"?

  17. Anonymous Coward
    Anonymous Coward

    Simple solution

    Have the end user data encrypted with a password that is kept only on the end user's side. If Microsoft is forced to hand over the data, they can only hand over encrypted data. Theoretically the NSA may be able to decrypt that given enough time, but the effort would only be worth it for true terrorist suspects, not random fishing expeditions. Though I think Microsoft is right to fight this, regardless.

    I suppose there's a downside that if the user loses his key he loses his data forever, but online services to back up your keys (run by/from countries that don't cooperate with the US courts) would undoubtedly spring up to fill that gap for those who can't manage this themselves.

    If I was transported back 30 years to Reagan's Cold War, what the US is trying to do would sound like something Reagan would be speaking out against the USSR or East Germany doing, and contrasting it with the US where we're protected by the Constitution. I guess we all got too fat and happy not having a war come to our borders for well over a century and being lone remaining superpower, so worries about a comparatively small number of people lost to terrorists over a decade ago have sadly made the masses all too willing to hand over their liberty in exchange for reducing the 0.00001% chance they might fall victim to a terrorist. Bin Laden may be dead, but he won.

    1. Yet Another Anonymous coward Silver badge

      Re: Simple solution

      Difficult to use Office365 if all the data is encrypted.

      It's very easy to keep data safe if you don't want to read or write it.

      A pile of disk drives and some thermite is generally acceptable.

  18. Anonymous Coward
    Stop

    Ah yes, those pesky international treaties....

    I can see why a country would want to have tools to access potential evidence in other countries, but the way to do this is through a treaty arrangement with those other countries. Yes, it's more laborious. Yes, it's potentially a LOT more laborious. But you can't just issue a warrant to grab data because the company providing the cloud service is American.

    Where does it stop? Country X wants some data in country Y, which is held in a datacenter owned by a company based in country Y, but the fiber optic links out of the datacenter are part-owned by a party in country X--so you force the data carrier to allow access to everything going back and forth through the fiber-optics?

    Government overreach at is (less than) finest. Let's hope that Microsoft wins this one.

    1. PVecchi

      Re: Ah yes, those pesky international treaties....

      "so you force the data carrier to allow access to everything going back and forth through the fiber-optics?" Sorry but that has been happening for quite a while.

      While GCHQ/NSA shouldn't spy on everyone in their own countries they are allowed to "monitor" communication that are coming in and out of their borders. For pure coincidence most of Cloud services people use are hosted in the US so GCHQ is happy as they can tap into that and NSA & Co are happy as they have the data they want about "aliens" at home.

      Then it happens that NSA & Co help the US economy to the detriment of ours (apart from the fact that using US Cloud we don't use local nerds) they are known to perform a good amount of industrial espionage. Nice guys, isn't it?

  19. a_a

    What about...

    ...companies that have a subsidiary in the US, are they vulnerable to US government pressure?

    I'm sure I read an article here about Vodafone and the US. How would their EU hosting customers be affected if Vodafone reentered the US market.

    1. SImon Hobson Bronze badge

      Re: What about...

      > What about...

      > ...companies that have a subsidiary in the US, are they vulnerable to US government pressure?

      Potentially yes.

      I used to work for a company that was part owned by a US one. While not in any way under US jurisdiction we had to comply with some US tax law (Sarbanes-Oxley) - because otherwise our US parent couldn't. However all that meant was having certain controls in place to ensure that accounts were accurate after (IIRC) the Enron and Worldcom scandals.

      But that was different - complying with the US law didn't require us to break UK law.

      Had our parent been required to hand over our (for example) customer data then that would have been another matter. I've no idea what would have happened as neither us nor the parent would have had the financial clout to fight it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like